Microsoft has failed to remove a long-recognised Windows Explorer security risk from Windows 7, according to security company F-Secure.

The 'hide extensions' feature, which was present in Windows NT, 2000, XP and Vista, is included in the Windows 7 release candidate, F-Secure's chief research officer, Mikko Hyppönen, said. The feature could allow virus writers to trick users into opening and running malicious files, he added.

"In Windows NT, 2000, XP and Vista, Explorer used to Hide extensions for known file types," Hyppönen wrote in a blog post on Tuesday. "And virus writers used this 'feature' to make people mistake executables for stuff such as document files."

For example, malicious code writers could name a 'virus.exe' file as 'virus.txt.exe' or 'virus.jpg.exe', he said. Windows Explorer would then hide the .exe part of the filename, meaning that the user would only see 'virus.txt' or 'virus.jpg'. Additionally, virus writers would change the icon displayed with the file in Windows Explorer so it looked like the icon of a text file or an image. Users might then click on the disguised file.
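The check below is an added example, not code from F-Secure or from this article: it flags filenames whose real extension is executable while the name Explorer would show with extensions hidden still ends in a document or image extension. The extension lists, function names and sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: illustrative lists, not a complete inventory of Windows file types.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx"}


def displayed_name(path):
    """Name shown when 'Hide extensions for known file types' is enabled.

    Assumption: the final extension is registered as a known type, so it is hidden.
    """
    return ntpath.splitext(ntpath.basename(path))[0]


def is_disguised(path):
    """True if the file is executable but its displayed name ends in a decoy extension."""
    real_ext = ntpath.splitext(ntpath.basename(path))[1].lower()
    if real_ext not in EXECUTABLE_EXTS:
        return False
    # Strip trailing spaces so padding before the real extension does not hide the decoy.
    shown_ext = ntpath.splitext(displayed_name(path).rstrip())[1].lower()
    return shown_ext in DECOY_EXTS


def scan(paths):
    """Return (path, displayed name) for every disguised executable in paths."""
    return [(p, displayed_name(p)) for p in paths if is_disguised(p)]


# Constructed sample input; the first two names are the article's own examples.
SAMPLE_PATHS = [
    r"C:\Users\alice\Downloads\virus.txt.exe",
    r"C:\Users\alice\Downloads\virus.jpg.exe",
    r"C:\Users\alice\Downloads\Holiday.JPG.SCR",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Users\alice\Downloads\report.v2.pdf",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    for path, shown in scan(SAMPLE_PATHS):
        print(f"{path}  (Explorer shows {shown!r})")
```

A name-based check like this cannot see the substituted icon the article mentions, so it complements rather than replaces showing file extensions in Explorer.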
